SaTC: CORE: Medium: Protecting Confidentiality and Integrity of Deep Neural Networks against Side-Channel and Fault Attacks

SaTC：核心：中：保护深度神经网络的机密性和完整性免受侧通道和故障攻击

• 批准号: 1929300
• 负责人: Yunsi Fei
• 金额: $ 120万
• 依托单位: Northeastern University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-10-01 至 2024-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1929300&HistoricalAwards=false
• 关键词: SaTC; CORE; Medium; Protecting; Confidentiality

Deep learning (DL) has become a foundational means for solving diverse problems ranging from computer vision, natural language processing, digital surveillance to finance and healthcare. Security of the deep neural network (DNN) inference engines and trained DNN models on various platforms have become one of the biggest challenges in deploying artificial intelligence. Confidentiality breaches of the DNN model can facilitate manipulations of the DNN inference, resulting in potentially devastating consequences. This project aims to promote broader applications of DNNs in security-critical scenarios by ensuring secure execution of DNN inference engines against side-channel and fault injection attacks.The project is composed of three salient and interdependent thrusts. SpyNet will study vulnerability of DNNs implemented on mainstream platforms to model reverse engineering via passive side-channel attacks. DisruptNet will investigate the feasibility of active fault injection attacks to disrupt execution of DNN inference engines, and SecureNet will identify protection, detection, and hardening mechanisms for secure execution of DNN inference engines. This project may deepen the understanding of inherent information leakage and fault tolerance of DNN models. The unprecedented rise of DL technology in diverse application domains has rendered secure execution, primarily confidentiality and integrity, a top priority. This project significantly advances the state-of-the-art on DL implementations, computer architecture and heterogeneous systems, hardware security, and formal methods/verification. Research results and insights on secure DNN design techniques will be incorporated into courses developed by the researchers. The interdisciplinary research will provide unique training and opportunities for graduate and undergraduate students, and industry partners through a newly established Industry-University Collaborative Research Center. The project will leverage the Experiential Education model of Northeastern University to engage undergraduates, women, and minority students in independent research projects.All the attack library, metrics, methodologies, and software tools will be made available to the public on a dedicated project Website (https://tescase.coe.neu.edu), and the protected and hardened DL models will be released to GitHub to facilitate community usage. The repository will be maintained during and beyond the project.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

深度学习（DL）已成为解决从计算机视觉，自然语言处理，数字监视到融资和医疗保健等多种问题的基础手段。深度神经网络（DNN）推理引擎和经过训练的DNN模型的安全性已成为部署人工智能的最大挑战之一。 DNN模型的机密性漏洞可以促进对DNN推断的操纵，从而导致潜在的毁灭性后果。该项目旨在通过确保安全执行DNN推理引擎针对侧通道和故障注射攻击来促进DNN在安全至关重要方案中的更广泛应用。该项目由三个明显和相互依存的推力组成。 Spynet将研究主流平台上实施的DNN的脆弱性，以通过被动侧通道攻击对反向工程进行建模。 Insuptnet将调查主动故障注入攻击以破坏DNN推理引擎执行的可行性，SecureNet将确定保护，检测和硬化机制，以固定DNN推理引擎的执行。该项目可以加深对DNN模型固有信息泄漏和容错性的理解。 DL技术在各种应用领域的前所未有的崛起已使安全执行，主要是机密性和完整性，这是当务之急。该项目在DL实现，计算机架构和异构系统，硬件安全性以及正式方法/验证方面大大提高了最先进的方法。对安全DNN设计技术的研究结果和见解将纳入研究人员开发的课程中。跨学科研究将通过新成立的行业大学合作研究中心为研究生和本科生提供独特的培训和机会。该项目将利用东北大学的经验教育模型参与独立研究项目的本科生，妇女和少数族裔学生。所有攻击库，指标，方法和软件工具将在DeDicated Project网站（https://tescase.coe.neu.edu）上向公众提供，并将被释放到fatecity dl dl dl dl dl dl。该存储库将在项目期间和之外维护。该奖项反映了NSF的法定任务，并被认为是值得通过基金会的知识分子优点和更广泛影响的评论标准来评估值得支持的。

项目成果

Characteristic Examples: High-Robustness, Low-Transferability Fingerprinting of Neural Networks

• DOI: 10.24963/ijcai.2021/80
• 发表时间: 2021-08
• 作者: Siyue Wang;Xiao Wang;Pin-Yu Chen;Pu Zhao;Xue Lin

High-Robustness, Low-Transferability Fingerprinting of Neural Networks

• 发表时间: 2021-05
• 期刊: ArXiv
• 作者: Siyue Wang;Xiao Wang;Pin-Yu Chen;Pu Zhao;Xue Lin

Stealthy-Shutdown: Practical Remote Power Attacks in Multi - Tenant FPGAs

隐形关闭：多租户 FPGA 中的实用远程电源攻击

• DOI: 10.1109/iccd50377.2020.00097
• 发表时间: 2020
• 期刊: IEEE International Conference on Computer Design: VLSI in Computers and Processors
• 作者: Luo, Yukui;Gongye, Cheng;Ren, Shaolei;Fei, Yunsi;Xu, Xiaolin
• 通讯作者: Xu, Xiaolin

EMShepherd: Detecting Adversarial Samples via Side-channel Leakage

• DOI: 10.1145/3579856.3582827
• 发表时间: 2023-03
• 期刊: Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security
• 作者: Ruyi Ding;Gongye Cheng;Siyue Wang;A. A. Ding-A.;Yunsi Fei

BLCR: Towards Real-time DNN Execution with Block-based Reweighted Pruning

• DOI: 10.1109/isqed54688.2022.9806237
• 发表时间: 2022-04
• 期刊: 2022 23rd International Symposium on Quality Electronic Design (ISQED)
• 作者: Xiaolong Ma;Geng Yuan;Z. Li;Yifan Gong;Tianyun Zhang;Wei Niu;Zheng Zhan;Pu Zhao;Ning Liu;Jian Tang;Xue Lin;Bin Ren;Yanzhi Wang